Fraud prevention and detection for online advertising

ABSTRACT

A system and a method are disclosed for detecting and preventing fraud in online advertising environments. In one embodiment, the system and process include a publisher with a web page with which an advertisement set and a unique request identifier are sent to a user browser when the user requests the web page. The unique request identifier is unique, publisher specific, advertisement specific, for a single instance. A database keeps track of the unique request identifier so that when a user “clicks” on a link to access an advertiser&#39;s web site, the unique request identifier associated with the advertisement can be checked against the unique request identifier in the database to determine whether the “click” was one that may be non-fraudulent or valid.

RELATED APPLICATION

This application claims a benefit of, and priority to, U.S. Patent Application Ser. No. 60/683,437, filed May 20, 2005, and titled “Fraud Detection and Prevention for Online Advertisements,” the contents of which are herein incorporated by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention generally relates to the field of online advertising, and more specifically, to fraud avoidance and/or detection for online advertisement.

2. Description of the Related Art

Conventional online advertising in the context of pay per click is known. A conventional set up includes a publisher that supplies web content on web pages and an advertiser that advertises on the web page. In this arrangement, an advertiser typically has a uniform resource locator (URL) link on the web page. An end user clicks on when that end user browses the publisher's web page if that end user is interested in the advertiser's link. For each click through, the advertiser pays the publisher some predetermined amount that may be purchased real time, on credit, or some other financial arrangement that pays on a per click or group of click basis.

A problem with such conventional online advertising is that it is susceptible to fraud. One example of fraud is referred to as competitive fraud. In competitive fraud a competitor (or other organization whose interests are not aligned with the advertiser) may harvest from a webpage click URL addresses of advertisers. Specifically, the competitor may employ individuals to click on the links of other advertisers on a web page so that those advertisers ends up with a large financial bill to each advertiser with no associated sales for any of them, which results in financial loss.

Another problem with conventional online advertising is click fraud. In some advertising arrangements, a publisher may be paid on a per click basis for an advertisement so that each click on an advertiser's URL on a web page results in revenue for the publisher. With click fraud, to maximize revenue a publisher may employ individuals or technology such as bots to trigger click throughs on a web page. Again, this results in a large financial bill to the advertiser from the publisher and no associated sales for the advertiser, which results in financial loss.

Hence, there is a need for a system and a method for detecting and preventing fraud in online advertising environments to allow advertisers and publishers to track fraudulent conditions and take appropriate corrective action.

SUMMARY OF THE INVENTION

The present invention includes a system (and a method) for detecting and preventing fraud for online advertising. In one embodiment the system tracks activity associated with a web site. The system receives, from a requester, a request for information to supplement content on the web site. The request includes a unique request identifier and a publisher identifier. The system retrieves a unique information identifier. The unique information identifier includes information unique to the request for one instance. The system generates a unique request identifier. The unique request identifier includes the unique information identifier. The system transmits the unique request identifier to the requester and logs the unique request identifier and the publisher identifier in a database for later comparison.

Subsequently, the system receives the unique resource identifier and the unique information identifier when information that was transmitted to the requester was selected by the requestor when the requestor is on the web site. Upon receipt of this information from the requestor, the system validates the unique information identifier and either logs it as valid or invalid. In particular, the system compares the received the unique resource identifier and the unique information identifier with the logged unique resource identifier and the unique information identifier to determine if they were previously paired. If they were previously paired, the request is invalid and if not previously paired, the request is valid. If the unique information identifier is logged as invalid, the response is sent back to the requester indicating as such. If it is logged as valid, the system redirects the requester to a second URL in response to logging a valid unique information identifier.

An advantage of the present invention includes providing additional information, e.g., an advertisement, in a manner that includes an identifier of that information and the URL of the web site with which it is associated so that when that information is selected it can be paired (or matched) with stored identifier data to determine whether the selection is “valid.” Thus, the information is verifiable, or auditable, for applications that would benefit from such data, for example, advertisement providers or purchasers associated with content on a web site. Such data would then be used to identify whether clicks on a web site are fraudulent due to activity from, for example, a click harvesting mechanism.

The features and advantages described in the specification are not all inclusive and, in particular, many additional features and advantages will be apparent to one of ordinary skill in the art in view of the drawings, specification, and claims. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention has other advantages and features which will be more readily apparent from the following detailed description of the invention and the appended claims, when taken in conjunction with the accompanying drawings, in which:

Figure (FIG.) 1 a illustrates one embodiment of a generational operational architecture for a fraud prevention and detection system.

FIG. 1 b illustrates one embodiment of an advertisement (advert) generation and reconciliation system.

FIG. 2 illustrates one embodiment of a client-server interaction for advertisement (advert) generation.

FIG. 3 illustrates one embodiment for advertisement presentation in a configuration as disclosed.

FIG. 4 illustrates one embodiment of click reconciliation in a configuration as disclosed.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The Figures (FIGS.) and the following description relates to preferred embodiments by way of illustration only. It should be noted that from the following discussion, alternative embodiments of the structures and methods disclosed herein will be readily recognized as viable alternatives that may be employed without departing from the principles of the claimed invention.

Reference will now be made in detail to several embodiments, examples of which are illustrated in the accompanying figures. It is noted that wherever practicable similar or like reference numbers may be used in the figures and may indicate similar or like functionality. The figures depict embodiments for purposes of illustration only. One skilled in the art will readily recognize from the following description that alternative embodiments of the structures and methods illustrated herein may be employed without departing from the principles of the described herein.

For ease of discussion, embodiments of the system (or method) are described in the context of advertisement generation, for placement on a web page, and subsequent selection and reconciliation of that generated advertisement to determine whether such selection was a valid or invalid selection. It is noted that the principles disclosed herein are also applicable to other configurations that generate a specific instance of information, forward that information, allow selection of that information, and validate that information through a reconciliation process.

Referring now to FIG. 1 a, it illustrates one embodiment of a general operational architecture for a fraud prevention and detection system. The architecture includes an advertiser 110, a publisher 120, and a fraud monitor 130. The advertiser 110 is configured to purchase click advertisements on a web page (or web site). The publisher 120 provides content on the web page and sells the click advertisements, e.g., to the advertiser 110. Typically, the publisher 120 sells the click advertisement to the advertiser 110 on a “per click” or per set of clicks basis. The publisher 110 logs each click (or selection) or each set of clicks (selections) on the web page to charge it back to the advertiser 110.

In one embodiment, the publisher 120 is a host or web server on the Internet. In such embodiments, the publisher 120 allows for the content to be accessed by a client computing system (client system, computer and/or site) through a browser (e.g., Microsoft® Internet Explorer or Mozilla Firefox) on the client system. Subsequently, a user at the client system may select one or more of the advertisements of the advertiser 110 on the publisher's web page by “clicking” on that advertisement. However, the advertisements of the advertiser 110 on the publisher's web page may be continuously selected over and over either accidentally or maliciously. Moreover, a computing mechanism such as a “bot” may be configured to continuously select the advertisement. In such instances, the advertiser 110 is charged a fee for each time the advertisement is selected. Thus, to combat such activity the fraud monitor 120 is configured within an embodiment of a system and a process to detect, report, and for/or prevent it.

The fraud monitor 130 is configured to monitor and report on click activity. Further, the fraud monitor 130 can be configured to generate advertisement sets that allow for subsequent reconciliation for monitoring (or auditing) when any of the advertisements in the set are selected. In one embodiment, selection of an advertisement can be reconciled as described herein, the selection is considered to be valid; else it is considered to be invalid. Thus, in one embodiment, the fraud monitor 130 may be configured as an advertisement generation and reconciliation system.

FIG. 1 b illustrates one embodiment of an advertisement (advert) generation and reconciliation system in accordance with the present invention. The advertisement generation and reconciliation system may be configured as a web server on a host (or server) side of a client-server processing configuration. The web server may be a configuration of one or more physical and/or logical computing machines configured to provide processing power, including processor(s), memory, storage, operating system, software for execution and the like.

The advertisement generation and reconciliation system includes an advertisement identifier engine 140, an advertisement database 145, a request identifier engine 150, a code (generation) engine 155, a log engine 160, a generated log database 165, a validation engine 170, a validation log database 175, and a command engine 180. These components are communicatively coupled together through a data bus 190. It is noted that the data bus 190 may be wired or wireless and that the communications coupling may be direct (e.g., physical) or indirect (e.g., logical). Operation of the components is further described with reference to FIGS. 2 through 4.

Turning to FIG. 2, it illustrates one embodiment of a client-server interaction for advertisement generation in accordance with the present invention. The process configuration includes client-side processing 205 and server side processing 225 that are communicatively coupled through a communications medium, for example, the Internet 210 or an Intranet. In one embodiment, the client side processing 205 includes a client system that executes a web browser and the server side processing 225 includes one or more web servers configured to execute processes as further described below.

The illustrated process starts with a user viewing 220 a web page on a client system (e.g., a browser on a client computer). In the web page is an embedded advertising link (or links). The process continues with receipt of a request from the client system (e.g., user clicks on a link as the web page displayed in the browser) to serve the embedded advertising link as well as the uniform resource locator (URL) of the web page (referrer URL). Specifically, in one embodiment the client system forwards an identification of the publisher 120, or publisher identifier, to the web server identify the publisher 120 web page (or site) into which the advertising link(s) are to be served.

When the web server receives the request, it determines through the advertisements identifier engine 140 which set of advertisements from the advertisement database 145 to return for display. The set of advertisements may be one advertisement or two or more advertisements. Each advertisement has a unique advertisement identifier that is also retrieved 225 from the advertisement database 145.

The process continues with calculating 230 a “URL_hash” of the referrer URL. As an example, the referrer URL is a URL an end user types into a browser in an attempt to access a web page at that URL address. The calculated 230 URL_hash is a one-way hash of the referrer URL of the web page into which the advertising link(s) are to be served. In addition, for each advertisement, the process generates 235 a unique advertisement view identifier. In one embodiment, the unique advertisement view identifier is a globally unique identifier (GUID), which can be a pseudo-random number generated to be unique for each unique web page and each unique advertisement identifier. The paired unique advertisement identifier and the unique advertisement view identifier provide a fingerprint for a single instance of the serving of a specific advertisement, which is later reconciled 420.

The process continues with the code engine 155 assembling 240 a response payload for the client system. The response payload comprises executable code, e.g., Javascript, that includes the publisher identifier, the URL_hash, the unique advertisement identifier, and a hash of the corresponding unique advertisement view identifier. The hash of the unique advertisement view identifier also may be referred to as a GUID_hash. Once assembled, the response payload is sent 245 by the web server to the client system.

The client system receives the executable code, which contains the publisher identifier, URL_hash, and the set of unique advertisement identifiers and corresponding unique advertisement view identifier pairs, along with the contents and format of the link (or links) to be displayed and a URL pointing to a click handling page, and displays 250 the appropriate advertisements therein on the web page in the browser. When a link is selected by a user (as further described herein) the browser on the client system can execute the executable code, redirect the browser to the URL pointing to the click handling page.

Note in one embodiment the process writes the publisher identifier, the URL_hash, the unique advertisement identifier, and a hash of the corresponding unique advertisement view identifier to database, e.g., a valid link table. The log engine 160 logs 255 this data for storage 260 in the generated log database 165 for later access. In addition, it is noted that the valid link table is periodically replicated to a back-end statistics server.

Turning to FIG. 3, it illustrates one embodiment of advertisement interaction in accordance with the present invention. Referring first to the client side processing 205, a process is executed in conjunction with the executable code received from the server side processing 225. Specifically, the process displays the link (or links) and asserts a mouse over 310 (e.g., OnMouseOver) and click (e.g., OnClick) event trap on each link. The mouse over 310 includes moving a pointing device (e.g., mouse, trackball, computing pen, etc.) cursor over a link (e.g., advertisement link) in the browser.

If the pointer over event fires (or triggers) the process enables 320 a click on advertisement corresponding to the unique advertisement identifier by setting the link to active and clickable by a status flag. When the user “clicks” (selects or triggers) 315, the advertisement link in the browser, the process determines 325 if the click has been enabled (i.e., a selection has been made). Specifically, if a click event fires (or triggers) the process checks to determine if the pointer over event has fired. If no click was enabled, the process ignores 330 the click and does nothing.

If the click event fires and the pointer over event has been fired, the process generates a destination URL, containing the destination URL of the click handling page on the web server and a query string containing the unique advertisement identifier, the unique advertisement view identifier, the publisher identifier, the URL_hash. In one embodiment, the process opens 335 a new instance of the browser (a window or a tab) that targets the destination URL. In one embodiment, a user can observe this new instance of the browser beginning with a blank screen. The unique advertisement identifier, the unique advertisement view identifier, the publisher identifier, the URL_hash are sent from the browser to the web server on the server side processing 225.

On the server side processing 225, the web server receives the page call with information from the client side processing 205. The validation engine 170 in the web server looks up the unique advertisement identifier in its valid advertisement list to determine 340 if the advertisement is valid and to retrieve the valid advertisement destination URL. The process determines that the advertisement is valid by determining whether the unique advertiser identifier is valid. In one embodiment they are one-to-one linked. If the unique advertiser identifier is not valid, the process logs 345 the invalid unique advertisement identifier, the publisher identifier, and the URL_hash for storage in the validation log database 175. The command engine 180 then sends 350 a window (or tab) close command to the browser on the client system. This closes 360 the browser window on the client system.

If the advertisement is valid, the validation engine 170 logs 365 the valid unique advertisement identifier, the hash of the unique advertisement view identifier (GUID_hash), the publisher identifier, and the hash of the referrer URL (URL_hash) in the validation log database 175. It is noted that the validation log database 175 can be configured to function as a back end statistics database. The command engine 180 then sends 370 a command to the browser on the client system to redirect 375 the browser to the target URL, which is a valid advertisement destination URL.

In one embodiment, the process logs 365 the valid unique advertisement identifier as a “click token” that corresponds to the publisher identifier, the unique advertisement identifier, a hash of the unique advertisement view identifier (GUID_hash) and the hash of the referrer URL (URL_hash). Periodically, the table of “click tokens” is replicated to the validation log database 175 (e.g., a back-end statistics database).

The process of validating a unique advertisement identifier includes a reconciliation process that compares the data received from the browser on the client system with the previously stored data in the generated logged database 165 on the server side system. FIG. 4 illustrates one embodiment of a click reconciliation process in accordance with the present invention.

Initially, a set of unique advertisement identifiers, the publisher identifier, GUID_hashes, and URL_hash are processed 410 for each “click” (or selection or trigger) 415 from a collated click log file (or files). In one embodiment, processing includes the steps in 415 through 445 in a “for each” loop. The information is logged in the log database shown in, for example, FIG. 2. In addition, the process obtains access 425 to the validation log database 175 of valid unique advertisement identifiers, publisher identifiers, GUID_hashes, and URL_hash. In particular, the validation log database 175 provides a back-end statistics database that maintains a list of all valid unique advertisement identifier and GUID_hash pairs issued within a predefined rolling time period which is derived from the valid link tables of the generated log database 165 from the web servers.

By referring to the entries in the validation log database 175, the process determines 420 whether the unique advertisement identifier and the GUID_hash matches 420 an entry in the validation log database 175 (e.g., a “fingerprint”). In one embodiment, a “click token” from the validation log database is checked to determine if it corresponds to a valid unique advertisement identifier and GUID_hash entry in the generated log database.

If there is no match between the pairs of entries, the process logs 430 the invalid unique advertisement identifier, publisher identifier, and URL_hash click information into a database. The data can be structured for dissemination through a report function. If there is a match, i.e., the two entries are appropriately paired, the process determines 435 if the pair has already been counted. For example, the process determines if a link relating to advertising associated with the pair has already been served.

If the unique advertisement identifier and GUID_hash pair is valid (i.e., they match) and the link has not previously been served, the process (e.g., through a statistics server) logs (or counts) 445 the activation as a valid click for a revenue reporting perspective against the publisher identifier. If the unique advertisement identifier and GUID_hash pair is invalid, or this link has previously been served, the process logs 440 into a database, e.g., an invalid click table, information that includes the publisher identifier, click details, and time and date stamp of the invalid click.

The process monitors the invalid click database (or table) on a predetermined time (or periodic) basis to respond to occurrences of invalid clicks based on predefined thresholds. Based on the rules (e.g., user defined system pre-defined) governing the predefined threshold, the process executes pre-defined actions associated with the rules. For example, the rules can be structured so that when the predefined thresholds are exceeded a warning communication is transmitted to a machine that monitors transactions.

An advantage of the present invention includes providing additional information, e.g., an advertisement, in a manner that includes an identifier of that information and the URL of the web site with which it is associated so that when that information is selected it can be pair (or matched) with stored identifier data to determine whether the selection is “valid.” Thus, the information is verifiable, or auditable, for applications that would benefit from such data, for example, advertisement providers or purchasers associated with content on a web site. Such data would then be used to identify whether clicks on a web site are fraudulent due to activity from, for example, a click harvesting mechanism.

Upon reading this disclosure, those of skill in the art will appreciate still additional alternative structural and functional designs for a system and a process for a system and a method for detecting and preventing fraud for online advertising through the disclosed principles of the present invention. Thus, while particular embodiments and applications of the present invention have been illustrated and described, it is to be understood that the invention is not limited to the precise construction and components disclosed herein and that various modifications, changes and variations which will be apparent to those skilled in the art may be made in the arrangement, operation and details of the method and apparatus of the present invention disclosed herein without departing from the spirit and scope of the invention as defined in the appended claims. 

1. A method of tracking activity associated with a web site, the method comprising: receiving from a requester a request for information to supplement content on the web site, the request including a unique request identifier and a publisher identifier; retrieving a unique information identifier, the unique information identifier including information unique to the request for one instance; generating a unique request identifier, the unique request identifier including the unique information identifier; transmitting the unique request identifier to the requester; and logging the unique request identifier and the publisher identifier in a database. 2-20. (canceled) 